Hackers Using Photographs of Cats and Sunsets to Steal Banking Information

Posted by Steph Kaye on Wednesday, March 5th, 2014 at 11:31am.

Power of a Photo


Cat photos: they are adorable and are shared even more than selfies, but they can also be carrying hidden instructions for malware. Hackers are using popular images of sunsets and cats to pass configuration to machines already infected with the Zbot malware. Malware is malicious software that gives an attacker partial to full control of your computer to do whatever the malware creator wants. Malware can be a virus, worm, trojan, adware, spyware, rootkit, etc. The damage can range from something slight, such as changing the author's name on a document, to completely taking control of your computer without you even realizing it.

The malware is detected as TSPY_ZBOT.TFZAH. The infection itself does not arrive through the images; instead, once the malware is already in place, it uses the photos to mask data that would otherwise be easier to spot. The images can spread in a variety of ways: they can be shared as standalone files, or hosted on web pages from which the infected machine retrieves them. Once the malware is running, it downloads the image without your knowledge. Using steganography, a list of banks and financial institutions to be monitored is hidden inside the image; only when the malware decrypts that hidden data is the file's real purpose revealed. The user never sees this particular image, and even if you did, it would look like an ordinary photo. If the user then visits one of the listed bank websites, the malware intercepts the login information, giving the attackers access to your bank account. The list includes institutions from across the globe, particularly in Europe and the Middle East.
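To make the hiding step concrete, here is an added Python example. It is not code from the ZBOT sample, from Trend Micro, or from this post's author: the post does not describe the real container layout or cipher, so the format used here (a hypothetical "BNKL" tag, a one-byte XOR key, and the obfuscated target list appended after the JPEG end-of-image marker) is an assumption chosen to show the technique. The sample image bytes and the target names are constructed for the demonstration. The same code shows the check a defender can run: walk the JPEG marker structure and flag any file that carries bytes past the end-of-image marker, which an image viewer silently ignores.

```python
"""Image-appended steganography, plus the check a defender can run for it.

Added example for this post, not code from the ZBOT sample or from Trend
Micro. The container format (the "BNKL" tag, the one-byte XOR key, and the
payload placed after EOI) is an assumption, not the malware's actual layout.
"""
import struct

SOI = b"\xff\xd8"   # JPEG start-of-image marker
EOI = b"\xff\xd9"   # JPEG end-of-image marker; viewers stop decoding here
MAGIC = b"BNKL"     # hypothetical tag for the hidden block (assumption)

# Constructed sample: SOI, one APP0/JFIF segment, EOI. Not a decodable
# picture; only the marker structure matters for this demonstration.
SAMPLE_JPEG = (
    SOI
    + b"\xff\xe0" + struct.pack(">H", 16)          # APP0, length 16
    + b"JFIF\x00" + b"\x01\x01" + b"\x00"          # identifier, version, units
    + b"\x00\x01\x00\x01" + b"\x00\x00"            # densities, no thumbnail
    + EOI
)


def jpeg_end(image: bytes) -> int:
    """Walk the marker segments and return the offset just past EOI.

    Walking segments (rather than searching for FF D9) avoids stopping early
    on an EOI inside an embedded EXIF thumbnail, and avoids being fooled by
    FF D9 bytes that happen to occur inside an appended payload.
    """
    if not image.startswith(SOI):
        raise ValueError("missing SOI; not JPEG-shaped")
    pos = 2
    while pos + 2 <= len(image):
        if image[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = image[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                      # EOI
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:   # standalone markers
            pos += 2
            continue
        if pos + 4 > len(image):
            raise ValueError("truncated segment header")
        (seg_len,) = struct.unpack(">H", image[pos + 2:pos + 4])
        pos += 2 + seg_len
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            while pos + 1 < len(image):
                nxt = image[pos + 1]
                if image[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                       # real marker, not FF00 or RSTn
                pos += 1
    raise ValueError("no EOI found")


def trailing_bytes(image: bytes) -> bytes:
    """Everything after EOI; empty for a clean file."""
    return image[jpeg_end(image):]


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def embed_list(image: bytes, targets: list[str], key: int) -> bytes:
    """Attacker side: hide a newline-separated target list after EOI."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    payload = "\n".join(targets).encode()
    return image[:jpeg_end(image)] + MAGIC + bytes([key]) + xor_bytes(payload, key)


def extract_list(image: bytes) -> list[str]:
    """Loader side: strip the container and recover the list."""
    tail = trailing_bytes(image)
    if not tail.startswith(MAGIC) or len(tail) <= len(MAGIC):
        return []
    key = tail[len(MAGIC)]
    return xor_bytes(tail[len(MAGIC) + 1:], key).decode().split("\n")


def is_suspicious(image: bytes) -> bool:
    """Defender side: flag images that carry data past EOI or do not parse."""
    try:
        return len(trailing_bytes(image)) > 0
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed target names; not the institutions in the real list.
    targets = ["onlinebanking.example.com", "login.bank2.example"]
    carrier = embed_list(SAMPLE_JPEG, targets, key=0x5A)
    print("clean sample suspicious:", is_suspicious(SAMPLE_JPEG))
    print("carrier suspicious:     ", is_suspicious(carrier))
    print("recovered list:         ", extract_list(carrier))
```

The carrier still opens as a normal picture because every viewer stops at the end-of-image marker, which is exactly why trailing data is a useful thing to look for in images fetched by a process that has no business fetching images. A real loader would use a stronger cipher than a single XOR byte; the check in `is_suspicious` does not depend on the cipher at all, only on the presence of bytes after EOI.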

The malware may or may not affect you. It is classified as "low risk" and appears to infect only Windows (up to Windows 7), but if your machine is infected and you happen to be a customer of one of the targeted banking institutions, your credentials (usernames, passwords, etc.) could be stolen. Viewing the photo on its own does not infect you; the risk comes from the malware already running on the machine.

Removing Malware

1.)    Disconnect the computer from the network and from any other computer that might be using the infected system for file sharing or an Internet connection. It is advisable not to use a wireless keyboard and mouse while removing malware. Verify that your firewall is active. If you do not have any firewall other than the Windows firewall, download a reputable free firewall for additional protection (from a clean machine, carried over on removable media, if the infected one stays offline). Make sure that your current Internet security software is active and that you have installed its most recent updates. If you are not using any Internet security software, or it has expired, find a reputable free version you can download and install.

2.)     Boot into Safe Mode; this ensures that all drivers and programs not essential to running the machine are off. To boot into Safe Mode, start pressing the F8 key as soon as you turn on your computer. When the boot menu appears, select "Safe Mode." Now run your anti-virus software on a deep scan. During the scan, alerts will appear notifying you of malware and where it is located. Write down the exact name and location of each infected file. This is a precaution, in case a deleted file turns out to be essential and you have to restore it later. When the anti-virus scan is complete, you are ready to start the anti-spyware scan.

3.)     Your Internet security dashboard should still be open; if not, open it again. Now launch your anti-spyware scan. Remember, you want a deep scan, which can take several hours depending on the number of hard drives and the size of each. At the end of the scan you will see a list of the spyware found on the infected computer. Follow the instructions for removing it.

4.)     Restart your computer in normal mode and watch closely for any of the symptoms that were causing you issues before the removal. If you still see them, you will need professional tech support to remove the infection. Because this malware's purpose is to steal banking credentials, change your online banking passwords from a device you know to be clean once the computer has been disinfected, and review your account activity for anything you do not recognize.

If you would like more information on homes for sale, or are a first-time home buyer not working with a Realtor and would like to schedule a consultation with a qualified Oakland County and Macomb County Realtor, please complete the Lang Premier Properties contact form to have a real estate agent contact you.

Lang Premier Properties are Birmingham Realtors specializing in Oakland County Real Estate. Stephanie is an agent with Max Broock in Birmingham, Michigan. See what past clients have to say about Stephanie Lang.  Lang Premier Properties looks out for your best interests when you purchase a new custom luxury home. We always recommend working with an experienced luxury real estate agent when buying a new luxury estate.
